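<?php
/*
 * Position update endpoint.
 *
 * Expects three GET parameters:
 *   x, y  - numeric coordinates to store for the user
 *   hash  - "<user_id>,<token>", where <token> is the 31-character tail of an
 *           MD5 digest computed from the user's stored profile fields
 *
 * When the token matches the value recomputed from the users table, the row's
 * x, y and user_last_update columns are updated. Every other outcome ends the
 * request silently with no output.
 *
 * NOTE(review): properties of this endpoint that are left as they are because
 * changing them would break existing callers, but that should be scheduled:
 *   - The token is an unkeyed MD5 over user_name / first name / last name /
 *     e-mail. It is only as secret as those profile fields and it never
 *     expires. Prefer a random per-user token stored server-side, or an HMAC
 *     keyed with a server secret.
 *   - A state change is triggered by GET, so the token is recorded in access
 *     logs, browser history and Referer headers. POST is the better fit.
 *   - mysql_* is the legacy MySQL extension (removed in PHP 7). The connection
 *     is set up outside this file, so the calls are kept here; move to PDO or
 *     mysqli prepared statements together with includes/db.php.
 *
 * The full "<?php" open tag is used so that the file is still executed, rather
 * than served as text, when short_open_tag is disabled.
 */

// Read each parameter once. isset() avoids undefined-index notices, which can
// disclose file paths when error display is enabled.
$posX      = isset($_GET['x']) ? $_GET['x'] : null;
$posY      = isset($_GET['y']) ? $_GET['y'] : null;
$hashParam = isset($_GET['hash']) ? $_GET['hash'] : null;

// is_numeric() is false for null and for arrays (x[]=...); is_string() rejects
// an array-valued hash before it reaches explode().
if (is_numeric($posX) && is_numeric($posY) && is_string($hashParam)) {
    require "includes/db.php";

    $split = explode(",", $hashParam);
    if (count($split) === 2 && is_numeric($split[0]) && strlen($split[1]) === 31) {
        // is_numeric() already keeps quote characters out of these values;
        // escaping them as well means the queries do not depend on that
        // function's exact grammar if the validation above is ever relaxed.
        $userId = mysql_real_escape_string($split[0]);
        $safeX  = mysql_real_escape_string($posX);
        $safeY  = mysql_real_escape_string($posY);

        $sql = "select user_name, user_first_name, user_last_name, user_email from users where user_id = '" . $userId . "';";
        $result = mysql_query($sql);
        if (!$result) {
            die();
        }

        if (mysql_num_rows($result) == 1) {
            $row = mysql_fetch_array($result);

            // md5() yields 32 hex characters; substr(..., 1) drops the first,
            // which is why the supplied token must be exactly 31 long.
            $expected = substr(md5($row['user_name'] . "b" . $row['user_first_name'] . "c" . $row['user_last_name'] . "d" . $row['user_email']), 1);

            // Compare as strings. Loose == treats two numeric-looking strings
            // as numbers, so different tokens could be accepted as equal.
            // hash_equals() is also constant-time; fall back to === on PHP
            // versions that do not provide it.
            $tokenOk = function_exists('hash_equals')
                ? hash_equals($expected, $split[1])
                : ($expected === $split[1]);

            if ($tokenOk) {
                $sql = "UPDATE users SET x = '" . $safeX . "', y = '" . $safeY . "', user_last_update = NOW() WHERE user_id = '" . $userId . "' LIMIT 1;";
                // The result is not checked: a failed write produces no output.
                mysql_query($sql);
            }
        }
    }
}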
